svn commit: r366754 - head/sys/crypto/aesni
Marcin Wojtas
mw at FreeBSD.org
Fri Oct 16 11:21:57 UTC 2020
Author: mw
Date: Fri Oct 16 11:21:56 2020
New Revision: 366754
URL: https://svnweb.freebsd.org/changeset/base/366754
Log:
Add support for ESN in AES-NI crypto driver
This patch adds support for IPsec ESN (Extended Sequence Numbers) in
encrypt and authenticate mode (eg. AES-CBC and SHA256) and combined mode
(eg. AES-GCM).
For the encrypt and authenticate mode the ESN is stored in separate
crp_esn buffer because the high-order 32 bits of the sequence number are
appended after the Next Header (RFC 4303).
For the combined modes the high-order 32 bits of the sequence number
[e.g. RFC 4106, Chapter 5 AAD Construction] are part of crp_aad
(prepared by netipsec layer in case of ESN support enabled), therefore
non visible diff around combined modes.
Submitted by: Grzegorz Jaszczyk <jaz at semihalf.com>
Patryk Duda <pdk at semihalf.com>
Reviewed by: jhb
Differential revision: https://reviews.freebsd.org/D22365
Obtained from: Semihalf
Sponsored by: Stormshield
Modified:
head/sys/crypto/aesni/aesni.c
Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c Fri Oct 16 11:18:13 2020 (r366753)
+++ head/sys/crypto/aesni/aesni.c Fri Oct 16 11:21:56 2020 (r366754)
@@ -249,14 +249,15 @@ aesni_cipher_supported(struct aesni_softc *sc,
}
}
+#define SUPPORTED_SES (CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD | CSP_F_ESN)
+
static int
aesni_probesession(device_t dev, const struct crypto_session_params *csp)
{
struct aesni_softc *sc;
sc = device_get_softc(dev);
- if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
- 0)
+ if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0)
return (EINVAL);
switch (csp->csp_mode) {
case CSP_MODE_DIGEST:
@@ -864,6 +865,10 @@ aesni_cipher_mac(struct aesni_session *ses, struct cry
else
crypto_apply(crp, crp->crp_payload_start,
crp->crp_payload_length, ses->hash_update, &sctx);
+
+ if (csp->csp_flags & CSP_F_ESN)
+ ses->hash_update(&sctx, crp->crp_esn, 4);
+
ses->hash_finalize(res, &sctx);
/* Outer hash: (K ^ OPAD) || inner hash */
More information about the svn-src-all
mailing list